Week 38 in Review – 2010

Security BSides Kansas City Re-cap – infosecramblings.com
BSidesKC was a one-day, one-track conference packed full of great talks given by great speakers. Below you will find brief descriptions of each talk along with links to the slides where available.

What I personally learned at CyberRAID – h-i-r.net
Blind SQL injection and RCE exploits are very popular, so crafty hackers and pen-testers often try to leverage these vulnerabilities to launch some process that can notify them that their exploit has worked.

Review: Advanced Penetration Testing (APT) – ethicalhacker.net
This year I had the opportunity to take a few stellar instructor-led training courses, one of which was Joe McCray’s “Advanced Penetration Testing: Pentesting High Security Environments” course from his training entity LearnSecurityOnline.

Website Security Statistics Report (2010) – Industry Benchmarks – jeremiahgrossman.blogspot.com
“How are we doing?” That’s the question on the mind of many executives and security practitioners whether they have recently implemented an application security program, or already have a well-established plan in place.

How to View a Report in WACA? – msdn.com
Web Application Configuration Analyzer v1.0 is the latest tool released by our team that scans a machine for deployment best practices.

How to Scan a Server using WACA? – msdn.com
The tool will perform prerequisite scanning first to determine server existence, administrative access, IIS and SQL versions and remote services availability.

Websecurify 0.8 Alpha 1 – code.google.com/p/websecurify/
Websecurify is a powerful web application security testing platform designed from the ground up to provide the best combination of automatic and manual vulnerability testing technologies.

Really, Adobe? – attackvector.org
Anyway, a penetration testing company named Ramz Afzar has released an unofficial patch to fix the Adobe vulnerability, because apparently Adobe has had a difficult time figuring one out on their own.

Episode #113: Checking for Prints – commandlinekungfu.com
Right, so I needed to come up with something quick for this week because of my travel time crunch. And as I was prepping to head to Vegas, the perfect idea occurred to me as I typed the following command.

Adobe fixes Flash security hole
Adobe Systems Inc. today rushed out a software update to remedy a dangerous security hole in its ubiquitous Flash Player that hackers have been exploiting to break into vulnerable systems.

DIY Laser Listening Device – hackedgadgets.com
The idea is that sound from someone speaking will vibrate the window that is in the same room as them. If you bounce a laser beam from a 5mW laser module off the window the laser beam will be deflected slightly as the window vibrates.

Five Reasons “dot-secure” Will Fail – taosecurity.blogspot.com
The officer, Gen. Keith B. Alexander, suggested that such a heavily restricted network would allow the government to impose greater protections for the nation’s vital, official on-line operations.

About Us

Infosec Events is dedicated to the growing information security industry. We strive to provide useful information and resources to those in the industry. Don't hesitate to contact us should you need anything.